Expanding on “Code Reviews Trumps Unit Testing, But They Are Better Together”
Tuesday, October 18th, 2011Michael Delaney, a senior consulting software engineer at Blue Slate, commented on my previous posting. As I created a reply I realized that I was expanding on my reasoning and it was becoming a bit long. So, here is my reply as a follow-up posting. Also, thank you to Michael for helping me think more about this topic.
I understand the desire to rely on unit testing and its ability to find issues and prevent regressions. For TDD, I’ll need to write separately. Fundamentally I’m a believer in white box testing. Black box approaches, like TDD, seem to be of relatively little value to the overall quality and reliability of the code. Meaning, I’d want to invest more effort in white box testing than in black box testing.
I’m somewhat jaded, being concerned with the code’s security, which to me is strongly correlated with its reliability. That said, I believe that unit testing is much more constrained as compared to formal reviews. I’m not suggesting that unit tests be skipped, rather that we understand that unit tests can catch certain types of flaws and that those types are narrow as compared to what formal reviews can identify.